- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Failover
- From: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>
- Date: Wed, 30 Apr 2003 13:06:04 -0400
- Mail-followup-to: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>, misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: misc_(_at_)_openbsd_(_dot_)_org
Quoting Bryan Irvine (bryan_(_dot_)_irvine_(_at_)_kingcountyjournal_(_dot_)_com):
> hmmm I understand what you are saying, mark it as a higher metric, but
> I'm hitting a wall in my brain. Let's say all the users specify
> 192.168.0.1 as the default gateway, all of a sudden 192.168.0.1 dies,
> how does machine 2 sitting at 192.168.0.2 know this, and assume the IP
If you use a routing protocol, not a static (default) route,
then the routing daemon will handle it. OSPF is best, RIP
might be acceptable.
Routed runs fine on my Macs, all Unix and there's something
on Windows, I'm sure.
For a full failover daemon, you need to have the secondary be
able to "see" the primary; this means heartbeats over several
paths including, ideally, the inside and outside interfaces
and perhaps a private interface (Veritas HA does it over SCSI
when sharing SCSI disks which we never did at Fusion
Systems->OpenVision, serial via SLIP or just a "talker/listener"
Are you solving a problem that actually exists or theorizing one?
I had routing/filtering firewalls with proxies that were up
for 200-400 days at a time. A failure would have been fixed by
bringing it down all the way and doing "ifconfig $INSIDE_IF
alias $otherIP" on the second firewall (which mostly just ran
an HTTP proxy). E.g. I over engineered the firewalls (too cool,
too much power) and they never went down.
> Or maybe I'm not thinking on the correct scale because I'm rather sleepy
> right now.
> On Tue, 2003-04-29 at 19:03, Chuck Yerkes wrote:
> > Why not just use routing to handle this?
> > Two paths out, one more expensive than the other.
> > When the main one dies, it gets marked as VERY expensive.
> > This is how all routing protocols work.
> > Quoting Bryan Irvine (bryan_(_dot_)_irvine_(_at_)_kingcountyjournal_(_dot_)_com):
> > > Is there something similar to mpathd for OBSD?
> > > If not, how are some of you doing automatic failovers?
> > >
> > > What about recovery detection?
> > >
> > > Basically I have an OBSD firewall, that is acting as a gateway for 2
> > > LAN's and a DMZ with some critical apps that will be running on it.
> > >
> > > I want to build a second firewall that will only come online in the
> > > event of the first one failing. I've done similar things before by
> > > doing cron'd ping script, but that doesn't do very well at determining
> > > if it failed at all or is just slow, or if it came back online.
> > >
> > > Any ideas?
> > >
> > > --Bryan
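
The heartbeat-over-several-paths idea in the reply, and the slow-versus-failed and recovery-detection questions in the original post, as an added example that is not from the thread or from either poster: a POSIX sh state machine for the standby that takes over only after several consecutive rounds with no heartbeat on any path, and hands back only after several consecutive healthy rounds. The thresholds, function names and the three-path sample format are assumptions; the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): standby-side failover decision.
# Thresholds, path order and function names are assumptions.
FAIL_THRESHOLD=3      # consecutive rounds with no heartbeat on ANY path
RECOVER_THRESHOLD=5   # consecutive healthy rounds before handing back

# path_round R1 R2 ... : each R is 1 (heartbeat seen on that path) or 0.
# Prints "up" if any path heard the primary, so one dead link or a slow
# reply on one interface is not treated as a dead firewall.
path_round() {
    for r in "$@"; do
        if [ "$r" = 1 ]; then echo up; return 0; fi
    done
    echo down
}

# step STATE COUNT ROUND : prints "NEWSTATE NEWCOUNT ACTION".
# COUNT is the number of consecutive rounds that contradict STATE.
step() {
    state=$1; count=$2; action=none
    case "$state:$3" in
        standby:down|active:up) count=$((count + 1)) ;;
        *) count=0 ;;
    esac
    if [ "$state" = standby ] && [ "$count" -ge "$FAIL_THRESHOLD" ]; then
        # here the standby would run: ifconfig $INSIDE_IF alias $otherIP
        state=active; count=0; action=takeover
    elif [ "$state" = active ] && [ "$count" -ge "$RECOVER_THRESHOLD" ]; then
        state=standby; count=0; action=release
    fi
    echo "$state $count $action"
}

# replay "a,b,c a,b,c ..." : feed constructed per-round samples (inside,
# outside, private path) through the state machine; prints the final state
# followed by every action taken, e.g. "active,takeover".
replay() {
    state=standby; count=0; log=""
    for sample in $1; do
        round=$(path_round $(echo "$sample" | tr ',' ' '))
        set -- $(step "$state" "$count" "$round")
        state=$1; count=$2
        if [ "$3" != none ]; then log="$log,$3"; fi
    done
    echo "$state$log"
}

# Constructed run: two missed rounds (slow), then a real outage.
replay "1,1,1 0,0,0 0,0,0 1,1,1 0,0,0 0,0,0 0,0,0"
```

A round that is "down" on every path cannot distinguish a dead primary from an isolated standby, which is why the reply asks for heartbeats on more than one interface.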